Fireware 12.0 General Availability
We are pleased to announce the General Availability (GA) of Fireware 12.0 and WSM 12.0 after a comprehensive Beta in which the release was installed on 400 Fireboxes around the world. These significant new releases are now available for download from the software download center.

Fireware 12.0 improves on the efficacy and performance of our Gateway Antivirus (GAV) service through the introduction of a new lightweight detection engine. Fireware 12.0 also introduces more secure defaults, improvements to APT Blocker, and continued support for more advanced networking use cases. You can find full details in the What’s New presentation on the website, and we encourage everyone upgrading to read the Release Notes in advance. Here is a quick summary of some key enhancements:

New GAV engine from Bitdefender with many benefits:

Breadth of Protection against known threats with industry-leading file coverage

Rapid response to new threats with multiple incremental signature updates per day

Machine learning to assist in detection of unknown and evasive malware types

Many of the settings in the VPN area have been updated to stronger default cryptography settings for authentication and encryption. SHA-256 and AES-256 are now the default in most cases. We have also removed the PPTP option for VPN because it is no longer considered to be a secure protocol.

APT Blocker improvements guard against the delivery of zero-day malware and ransomware via email, including:

Optional delay in email messages while waiting for results from the sandbox detonation of unknown attachments

Analysis and detonation of JavaScript files that are included in email

Fireware 12.0 also supports more advanced networking use cases:

Host Header redirection allows the hosting of different web applications behind a single public IP address, by routing traffic based on URL paths included in HTTP headers.

The Firebox can pass multicast (PIM-SM) traffic, which is used to deliver application traffic from one to many nodes – typically used in VoIP and broadcast applications.

AV Signatures in 11.x releases
Previously WatchGuard had announced that we would discontinue support for AV signatures for the older AVG engine in Fireware 11.x by January 2018. This support will now be extended until April 2018. We will continue to notify partners and customers about this issue over the coming months.

Does this release pertain to me?
The Fireware release applies to all Firebox T, Firebox M, and XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W, which are now End of Life (EOL), and XTM 505, 510, 520, and 530 which are EOL in December of this year.

Software Download Center
Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the WatchGuard Software Download Center.

Contact
For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.
